In October 2023, Deer Oaks Behavioral Health in Texas disclosed a ransomware attack that affected 171,871 patients, which they discovered on September 1, 2023. LockBit3.0 claimed responsibility at the time and leaked data from the incident. Today, HHS OCR announced a settlement with Deer Oaks following an expanded investigation that had been opened after an…
Category: HIPAA
Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
Claims of “negligence” are often raised in lawsuits. DataBreaches is not a lawyer, of course, but wonders whether by now, we should consider a plastic surgeon “negligent” in their data security if they store nude photos of their patients with patient names and identity information in plain text and no strong encryption or suitable alternative…
Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
U.S. Dermatology Partners, which has over 100 locations across eight states, recently posted a notice of a data security incident on its website. As stated in their notice: On June 19, 2024, USDP experienced a network disruption. Upon detecting the incident, we quickly took steps to secure our network, immediately initiated our incident response processes…
North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
On May 23, the North Shore University Sleep Disorders Center in New York notified HHS that 13,332 patients were affected by a breach that it coded as “Unauthorized Access/Disclosure” of data located “Other.” While the number affected might not seem unusually disturbing in this day and age of big breaches, the circumstances of the breach…
Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
In May 2022, DataBreaches reported that ambulance billing service Comstar LLC in Massachusetts was notifying an undisclosed number of people following a data security breach of their system detected on March 26, 2022. On May 26, 2022, they also notified HHS of the incident, reporting that 68,957 patients were affected. Today, HHS OCR announced that…
HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
HHS OCR has settled another enforcement action involving the HIPAA Security Rule. From their press release yesterday, it sounds like an insider wrongdoing case. In its formal resolution agreement, the government states that on October 23, 2018, OCR received a complaint alleging that on October 8, 2018, an unknown third party accessed her printed and…